Written by

Theresa Payton

Detroit Free Press guest writer

Theresa Payton

More

ADVERTISEMENT

As the federal government prepares to implement the Affordable Care Act, Michigan Attorney General Bill Schuette wrote a joint letter with 12 fellow attorneys general asking Health & Human Services Secretary Sebelius important questions about data privacy.

These are questions I urge Michigan residents to ask on their own, too.

In order to find out whether you are eligible for the Affordable Care Act, the federal government needs to ask: How old are you? Where were you born? Are you a legal resident? Have you served in the military? Where will they go to get this information? The Social Security Administration, the Department of Homeland Security and the Veterans Administration, respectively. Then they will combine all of this data into the Hub, a one-stop destination where all your data will be compiled as your profile. Reports are not clear whether the Hub is going to be a database or an interface. Regardless, it will contain all your biographical information extracted from seven federal agencies and state agencies, put into one place. It is a hacker’s dream: one-stop-shopping for all of the details of your personal life.

Who will be reviewing this data? Navigators, as they are referred to in the new legislation. They are employees hired to determine your eligibility by peeking at the most private and sensitive details of your life. The attorneys general ask in the letter how the navigators will be trained, what is the plan to reduce the risk of identity theft, and how the staff will be screened to ensure we have highly skilled people with the upmost integrity looking at our private lives? The attorneys general raise valid concerns that need to be addressed.

This unprecedented aggregation of your personal information to one place is taking place at a time when data breaches are escalating, and amidst wide acknowledgment that health care data breaches are a growing concern. According to a report by the Identity Theft Resource Center, 34.1% of all data breaches were tied back to health care.

(Page 2 of 2)

What makes this more alarming is the recent report from the Inspector General’s Office. After reviewing draft documents and interviewing the project team, the overall tasks on the schedule were being completed later than anticipated. As the report cites, “several critical tasks remain to be completed in a short period of time, such as the final independent testing of the Hub’s security controls, remediating security vulnerabilities identified during testing, and obtaining the security authorization decision for the Hub before opening the exchanges.” It is not uncommon for large scale implementations to have dates slide. However, in this case, security testing for the “Hub” is so behind schedule, system testing results might only be available for review as late as one day before the exchanges will open.

As a consumer, this is your wake-up call. Take steps now to protect your data. Be vigilant about what you post on social media. Identity thieves can follow the information you post like digital bread crumbs leading back to your house. Contact your local legislator and let them know you aren’t comfortable with a database/interface that creates a one-stop-shop for cyber hackers. Use one e-mail address only for your health insurance company. Ask your doctor what happens with your data, not medical history per se, but your address, phone number, etc. Be on guard.

Today, as we live in an era where companies and government are rushing headlong into major big data projects with the attitude of “big data or bust,” we find a hidden meaning.

The Detroit Police Department and their uniform vendor recently used “small data” to keep a record of orders for uniform vests. When the department head wanted to alert everyone to come in to pick up their vests, an e-mail went out along with some very private and personal data: the bra sizes and weight of the female offices.

If we still bungle the “small data,” what could go wrong when we move to big data?